This disclosure relates to network security.
The prevalence and accessibility of computer networks requires security measures to protect valuable information. Such security measures include a user and password login in which a user provides login credentials (e.g., a user identifier, a password, and perhaps other information) proving that the user is authorized to access one or more systems, scanning files stored in networked devices for malicious software, and generally monitoring network transmissions to detect and halt unauthorized and/or malicious network activity.
For a security system that is serving a large enterprise, implementing these security measures can introduce processing and/or transmission delays. Limiting such delays is desirable to the extent that the delays can be limited without compromising security. Network security measures often search lookup tables, databases, or other types of datastores to perform a comparison operation to verify that a given network activity is authorized and/or non-malicious. Datastores are often optimized in order to speed the retrieval of stored information, but these optimizations generally do not reduce processing times where an operation attempts to find information not included in the stored data. Such operations can introduce undesirable delays in network security system processing.